SCG News

Abstract

Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the IDE about the presence of such smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of the apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.

Abstract

The Android ecosystem allows development of apps with relative ease through the extensive Android API. When developing the apps, security issues are often overlooked by the developers. This thesis is based on a previous work which identified 12 such Inter Component Communication (ICC) security smells that can lead to numerous security breaches in the system. A static code analysis tool based on Android Lint was developed to identify them. To further understand why some of these smells are so prominent, this thesis evaluated their appearances based on several aspects. First, the influence of developers in the projects was examined. The association of developers to different apps was cross-referenced with the occurrence of smells per project, and we found that for most smells the developers have a tendency to make the mistake over more than one project. We also examined how updates affect smells. The updates rarely brought a change in smells, and if they did, they tended to have a negative impact. We performed a manual analysis of 100 apps with the most smells. The lint-based tool was found to have a good and correct detection rate. In the next study we examined if the smells that went unreported by the tool were correctly labeled as such and the reason for them not being detected. In most cases this was due to the relevant Android API not being used. Finally, we did a study on the location of smells in the code base. We expanded the existing linting tool to include more metadata and analyzed all the apps once more. The different smell categories tended to have a varying degree of displacement of individual smells in the code base. The average number of distinct locations grew in the order of Java package, containing class and surrounding method for most of the smells. This thesis aims to help spread awareness about ICC security smells and thereby fundamentally reduce the attack surface in Android.

Abstract

Automated testing is an important technique to ensure the quality of a software system, and there is a general consensus in industry that testing is a critical part of the development process. However, recent studies suggest that unit testing is not that widely practiced. In this thesis, we studied an industrial software project called EPOF with respect to testing. We tried to answer the question whether the discovery of bugs pushes the writing of tests, whether unit tests help to prevent bugs, and whether the system’s architecture facilitates or impedes unit testing. To answer those questions, we studied the bug reports and associated bug fix reports of the project. Our results showed that the test coverage was rather low, that most bugs were fixed without adding or changing any tests, that most bugs were detected by manual testers or customers and not by the existing tests, and that the testability of the code is low in most parts of the system. In 2017, the development team decided to give unit testing higher priority. Our results show that this decision, together with other development process improvements, indeed had a positive effect on the bug rate and the testability of the system.

Abstract

Exception handling is an integral part of programming. However, it is often not written in a way that makes it easily reusable. We have found exception handling code to often be copy pasted across multiple catch blocks instead of being made into a method. We also found that there are certain patterns across different methods when it comes to exception handling. That is why reusable exception handling would be a helpful feature for software development. By creating Modular Exceptions we offer a solution that enables programmers to easily apply and reuse exception handling to multiple methods. We achieved this by analyzing the knowledge gathered in previous research about exception handling and performing our own research of exception handling in Smalltalk. We then studied different implementation approaches such as dynamically rewriting the source code and method wrappers until we found the optimal approach. Our final product is written in Java and uses AspectJ in order to dynamically insert try-catch blocks into methods and to add exception handling into already existing catch blocks. These handler blocks are compatible with many methods and classes, and the user only has to write a few lines of code to get a specific method covered.
